NetworkingCCNANetwork+

OSI and TCP/IP Models Explained for CCNA and Network+

Every time you load a webpage, seven invisible layers of technology coordinate to make it happen and most people could not name three of them. The OSI model is the map. Once you understand it, every other networking concept finds its place: you know exactly why a router and a switch are fundamentally different tools, why TCP and UDP operate where they do, and why the exam asks which layer a problem is occurring at. CCNA and Network+ anchor nearly every troubleshooting and protocol question to these models, so the time you invest here pays off across the entire exam.

9 min

3 sections · 6 exam key points

5 practice questions

The seven OSI layers and what each one does

Layer 1 (Physical) deals with raw bit transmission. Cables, voltage levels, optical signals, and connectors. If a cable is unplugged, you are dealing with a Layer 1 problem. Hubs operate at Layer 1 because they simply repeat electrical signals to every port without any intelligence.

Layer 2 (Data Link) handles frame delivery on a single network segment using MAC addresses. Ethernet and 802.11 (Wi-Fi) live here. Switches operate at Layer 2: they read the destination MAC address in each frame and forward it only to the correct port. This is why switches are smarter than hubs.

Layer 3 (Network) handles logical addressing and routing between networks. IP addresses live here. Routers operate at Layer 3: they read destination IP addresses and make forwarding decisions based on routing tables. ICMP (the protocol behind ping) and OSPF also operate at Layer 3.

Layer 4 (Transport) provides end-to-end delivery, segmentation, and flow control. Port numbers live here. TCP provides reliable, ordered, connection-oriented delivery using a three-way handshake, acknowledgments, and retransmission. UDP is connectionless and unreliable, sending data without waiting for acknowledgment. This makes UDP faster and suitable for real-time traffic like video and voice where a dropped packet is better than a delayed one.

Layers 5, 6, and 7 (Session, Presentation, Application) handle session management, data formatting (encryption, compression, encoding), and user-facing protocols. HTTP, HTTPS, FTP, SMTP, DNS, DHCP, and SSH all live at Layer 7. For exam purposes, these three upper layers are often treated as one when the TCP/IP Application layer is being discussed.

Encapsulation and PDU names by layer

As data travels down the stack from the application to the physical layer, each layer wraps the data in its own header. This is encapsulation. When you send an email, the application layer creates the message. Transport adds a TCP segment header. Network adds an IP packet header. Data Link adds an Ethernet frame header and trailer. Physical converts everything to bits.

Each layer's version of the data has a specific name: Data at the upper layers (7-5), Segment at Layer 4 for TCP or Datagram for UDP, Packet at Layer 3, Frame at Layer 2, and Bits at Layer 1. The exam uses these names precisely. When a question says a router drops a packet, it is operating at Layer 3. When a switch floods a frame, it is Layer 2.

Decapsulation is the reverse: the receiving device strips each header as the data moves up the stack. The destination does not process the encapsulation from layers its application does not care about. The Ethernet frame header is removed at Layer 2, leaving the IP packet for Layer 3 processing, and so on up to the application.

TCP/IP model and how to choose the correct answer

The TCP/IP model has four layers that map to OSI: Network Access (combines OSI Layers 1 and 2), Internet (OSI Layer 3), Transport (OSI Layer 4), and Application (OSI Layers 5, 6, and 7). TCP/IP is the model that reflects how actual protocols are implemented. OSI is the reference model used for teaching, troubleshooting, and vendor-neutral discussion.

Device layer identification: Hub = Layer 1 (repeats bits). Switch = Layer 2 (forwards by MAC). Router = Layer 3 (routes by IP). Layer 3 switch = both Layer 2 and Layer 3.

Troubleshooting by layer: cannot ping across networks but can ping locally = Layer 3 routing issue. Can ping but cannot connect to a service = Layer 4 or above. Physical link not up = Layer 1. MAC table problem = Layer 2.

PDU names to memorize: Segment or Datagram (Layer 4), Packet (Layer 3), Frame (Layer 2), Bits (Layer 1). Upper layers are just called Data.

OSI layers quick reference

Layer	Name	PDU	Key protocols / devices	Addressing
7	Application	Data	HTTP, HTTPS, DNS, DHCP, SMTP, SSH	None
6	Presentation	Data	SSL/TLS negotiation, JPEG, ASCII encoding	None
5	Session	Data	NetBIOS, RPC	None
4	Transport	Segment / Datagram	TCP (reliable), UDP (fast)	Port numbers
3	Network	Packet	IP, ICMP, OSPF -- Routers	IP addresses
2	Data Link	Frame	Ethernet, 802.11 -- Switches	MAC addresses
1	Physical	Bits	Cables, hubs, NICs	None

Key exam facts — CCNA / Network+

OSI = 7 layers. TCP/IP = 4 layers (Application, Transport, Internet, Network Access).
PDUs: Data (7-5), Segment/Datagram (4), Packet (3), Frame (2), Bits (1).
Switch = Layer 2 (MAC). Router = Layer 3 (IP). Hub = Layer 1 (floods, no intelligence).
TCP: reliable, connection-oriented, ordered, uses three-way handshake.
UDP: connectionless, unreliable, fast. For DNS, DHCP, VoIP, video streaming.
Encapsulation: headers added going down. Decapsulation: headers removed going up.

Common exam traps

TCP/IP has seven layers like the OSI model.

TCP/IP has four layers. OSI has seven. The TCP/IP Application layer corresponds to OSI layers 5, 6, and 7 combined. Both models describe the same networking reality with different levels of detail.

Switches operate at Layer 3.

Standard switches operate at Layer 2, forwarding frames by MAC address. A Layer 3 switch adds routing capability but a basic switch is strictly Layer 2. The question 'which layer does a switch operate at' always means Layer 2 unless the question specifies a multilayer or Layer 3 switch.

Hubs and switches both forward traffic intelligently.

Hubs operate at Layer 1 and flood every port with every signal they receive. They have no intelligence. Switches build MAC address tables and forward frames only to the correct port. The performance and security difference is significant.

Practice questions — OSI & TCP/IP Models

These questions are representative of what you will see on CCNA, Network+ exams. The correct answer and explanation are shown immediately below each question.

Q1.A network administrator is troubleshooting connectivity. A user can ping other devices on the same subnet but cannot reach resources on a different subnet. At which OSI layer is the problem most likely occurring?

A.Layer 1 (Physical)

B.Layer 2 (Data Link)

C.Layer 3 (Network)

D.Layer 4 (Transport)

Explanation: Pinging within the same subnet confirms Layer 1 and Layer 2 are working correctly. The inability to reach a different subnet indicates a problem at Layer 3 (routing). The issue could be a missing or incorrect default gateway on the host, a routing table problem on the router, or a misconfigured interface. Layer 4 issues would manifest as inability to use specific services even when ping works.

Q2.Which PDU (Protocol Data Unit) name is used at OSI Layer 4 when TCP is the transport protocol?

A.Frame

B.Packet

C.Segment

D.Datagram

Explanation: Layer 4 TCP uses Segments. UDP uses Datagrams. Layer 3 IP uses Packets. Layer 2 Ethernet uses Frames. Layer 1 uses Bits. These PDU names are tested precisely on CCNA and Network+. A TCP segment includes source and destination port numbers, sequence number, acknowledgment number, flags, and data.

Q3.HTTP operates at which layer of the OSI model?

A.Layer 4 (Transport)

B.Layer 5 (Session)

C.Layer 6 (Presentation)

D.Layer 7 (Application)

Explanation: HTTP (and HTTPS, FTP, DNS, SMTP, SSH) operate at Layer 7 (Application). The Application layer provides protocols for user-facing services. TCP and UDP operate at Layer 4. IP operates at Layer 3. Ethernet operates at Layer 2. SSL/TLS encryption is sometimes described as Layer 6 (Presentation) in the OSI model.

Q4.A router receives a packet destined for a remote network. At which OSI layer does the router make the forwarding decision?

A.Layer 2, using MAC addresses

B.Layer 3, using IP addresses

C.Layer 4, using port numbers

D.Layer 7, using application data

Explanation: Routers operate at Layer 3 and make forwarding decisions based on IP addresses in the packet header. When a packet arrives, the router strips the Layer 2 frame, reads the Layer 3 destination IP address, looks it up in the routing table, and forwards the packet (in a new Layer 2 frame) out the appropriate interface. Switches use Layer 2 MAC addresses.

Q5.Which protocol uses a three-way handshake to establish a reliable connection before data transfer?

A.UDP

B.ICMP

C.TCP

D.ARP

Explanation: TCP (Transmission Control Protocol) at Layer 4 uses a three-way handshake (SYN, SYN-ACK, ACK) to establish a connection before sending data. This ensures both parties are ready to communicate and sequences packets for ordered delivery. UDP is connectionless and sends data without establishing a connection. ICMP is used for diagnostics (ping). ARP resolves IP to MAC addresses.

Frequently asked questions — OSI & TCP/IP Models

What are the seven layers of the OSI model?

From bottom to top: Layer 1 Physical (cables, signals, bits), Layer 2 Data Link (MAC addresses, Ethernet frames, switches), Layer 3 Network (IP addresses, routing, packets), Layer 4 Transport (TCP/UDP, ports, segments), Layer 5 Session (session management), Layer 6 Presentation (encryption, encoding, compression), Layer 7 Application (HTTP, DNS, SMTP, user-facing protocols). Memory aid: Please Do Not Throw Sausage Pizza Away.

What is the difference between TCP and UDP?

TCP (Transmission Control Protocol) is connection-oriented: establishes a connection via three-way handshake before data transfer, guarantees ordered delivery with sequence numbers, retransmits lost packets, and provides flow control. TCP is used for applications where reliability matters: HTTP/HTTPS, SSH, FTP, email. UDP (User Datagram Protocol) is connectionless: sends data without establishing a connection, no guarantee of delivery or order, no retransmission. UDP is used where speed matters over reliability: DNS, DHCP, VoIP, video streaming, gaming.

How many layers does the TCP/IP model have?

The TCP/IP model has four layers: Network Access (combining OSI Layers 1 and 2), Internet (OSI Layer 3 — IP, ICMP, ARP), Transport (OSI Layer 4 — TCP, UDP), and Application (OSI Layers 5, 6, 7 — HTTP, DNS, SMTP, etc.). TCP/IP reflects how actual protocols are implemented. OSI is a reference model used for teaching and troubleshooting.

What is encapsulation and decapsulation?

Encapsulation is the process of adding headers (and sometimes trailers) as data moves down the OSI stack toward transmission. Application data gets a TCP segment header at Layer 4, an IP packet header at Layer 3, and an Ethernet frame header/trailer at Layer 2. Decapsulation is the reverse process at the receiving end — each layer strips its own header as data moves up the stack. A router decapsulates to Layer 3, makes a routing decision, and re-encapsulates in a new Layer 2 frame.

How is the OSI model tested on CCNA and Network+?

CCNA and Network+ test layer identification (which layer does a router/switch/hub operate at?), PDU names (segment, packet, frame, bits), troubleshooting by layer (is this a physical, data link, network, or transport issue?), and protocol placement (HTTP = Layer 7, TCP = Layer 4, IP = Layer 3, Ethernet = Layer 2). Both exams use OSI layer references in many questions without explicitly naming it — understanding it is foundational to interpreting all other networking topics.

Practice this topic

CCNApractice questions Network+practice questions

Test yourself on OSI & TCP/IP Models

JT Exams routes you to questions in your exact weak areas — automatically, after every session.

Free practice test Start 7-Day Free Trial

No credit card · Cancel anytime